Hi All, On Friday 9 November 2007 23:52, Francesco Poli wrote: > Hi all again! > > DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes > CVE-2007-4650 for etch. > The DSA page [2] seems to confirm this. > However the CVE page [3] tells a different story: it states that version > 2.1.2-2.0.etch.1 is vulnerable. > Is this a security-tracker internal inconsistency? I'm a bit confused by this. The tracker information now says: CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...) {DSA-1404-1} - gallery2 2.2.3-1 [etch] - gallery2 <unfixed> (bug #441407) NOTE: does not affect gallery 1.x (package 'gallery') Do I need to replace that "<unfixed>" by hand by the fixed version? I somehow thought that the DSA-1404-1 would take care of that. Can someone enlighten me how this works exactly? thanks, Thijs
Attachment:
pgpqdrgZqqCDy.pgp
Description: PGP signature